Pierluigi Paganini
March 08, 2023
Fortinet addressed a critical heap buffer underflow vulnerability affecting FortiOS and FortiProxy, which can lead to arbitrary code execution. Fortinet addressed a critical buffer underwrite (‘buffer underflow’) vulnerability, tracked as CVE-2023-25610 (CVSS v3 9.3), that resides in the administrative interface in FortiOS and FortiProxy. A remote, unauthenticated attacker can exploit the vulnerability to execute arbitrary […]
Pierluigi Paganini
March 08, 2023
Veeam addressed a high-severity vulnerability in the Backup Service that impacts Backup & Replication software. Veeam addressed a high-severity vulnerability in the Backup Service, tracked as CVE-2023-27532 (CVSS v3 score: 7.5), that impacts all versions of Backup & Replication software versions. “Vulnerability CVE-2023-27532 in Veeam Backup & Replication component allows to obtain encrypted credentials stored in the […]
Pierluigi Paganini
March 08, 2023
North Korea-linked Lazarus APT group exploits a zero-day vulnerability in attacks aimed at a South Korean financial entity. ASEC (AhnLab Security Emergency Response Center) observed North Korea-linked Lazarus APT group exploiting a zero-day vulnerability in an undisclosed software to breach a financial business entity in South Korea. The nation-state actors breached twice the company in one year. The first […]
Pierluigi Paganini
March 08, 2023
US CISA added actively exploited flaws in Teclib GLPI, Apache Spark, and Zoho ManageEngine ADSelfService Plus to its Known Exploited Vulnerabilities Catalog. US CISA added the following actively exploited flaws to its Known Exploited Vulnerabilities Catalog: The CVE-2022-35914 flaw is a PHP code injection vulnerability that resides in the /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI […]
Pierluigi Paganini
March 08, 2023
China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia. The state-sponsored hackers used a new version of the SoulSearcher loader, which eventually loads a new […]
Pierluigi Paganini
March 08, 2023
Security researchers warn of hacking attempts in the wild exploiting critical vulnerabilities in VMware NSX Manager. Cyber security firm Wallarm is warning of ongoing attacks exploiting the critical flaws, tracked as CVE-2021-39144 (CVSS score of 9.8) and CVE-2022-31678 (CVSS score of 9.1), in VMware NSX Manager. VMware NSX is a network virtualization solution that is […]
Pierluigi Paganini
March 07, 2023
Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. Cybersecurity researchers from Morphisec discovered a new, advanced information stealer, dubbed SYS01 stealer, that since November 2022 was employed in attacks aimed at critical government infrastructure employees, manufacturing companies, and other sectors. The experts found similarities between the SYS01 stealer and another […]
Pierluigi Paganini
March 07, 2023
Taiwanese multinational hardware and electronics corporation Acer discloses a data breach after a threat actor claimed the hack of the company. Recently a threat actor announced the availability for sale of 160 GB of data allegedly stolen from the Taiwanese multinational hardware and electronics corporation Acer. The threat actor announced the hack on a popular cybercrime forum, he claims […]
Pierluigi Paganini
March 07, 2023
Security researcher released a proof-of-concept exploit code for a critical flaw, tracked as CVE-2023-21716, in Microsoft Word. Security researcher Joshua Drake released a proof-of-concept for a critical vulnerability, tracked as CVE-2023-21716 (CVSS score 9.8 out of 10), in Microsoft Word. The vulnerability can be exploited by a remote attacker to execute arbitrary code on a […]
Pierluigi Paganini
March 07, 2023
The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates. The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. Recently, the password management software firm disclosed a “second attack,” […]
